Cyber Pulse: Edition 18

Read the latest edition of Cyber Pulse, our roundup of Cyber news.

7 June 2018

Facebook and Google targeted as first GDPR complaints filed

Facebook and Google have become the targets of the first official complaints of GDPR noncompliance, filed on the day the privacy law takes effect across the EU. Across four complaints, related to Facebook, Instagram, WhatsApp and Google’s Android operating system, European consumer rights organisation Noyb argues that the companies have forced users into agreeing to new terms of service, in breach of the requirement in the law that such consent should be freely given. Max Schrems, the chair of Noyb, said: “Facebook has even blocked accounts of users who have not given consent. In the end users only had the choice to delete the account or hit the agree button – that’s not a free choice, it more reminds of a North Korean election process.” If upheld, the complaints could result in more than £3bn in fines for each company – the maximum possible under the new law being the higher of €20m (£17.5m) or 4% of an organisation’s annual revenue. The complaints, filed on behalf of unnamed users of the sites, were sent to Facebook’s Irish headquarters and Google’s home in Mountain View, California.

How Mirai spawned the current IoT malware landscape

When, in late 2016, US-based DNS provider Dyn suffered a massive DDoS attack that resulted in the temporary unavailability of many popular online services, the name of the Mirai malware became instantly known outside the cybersecurity industry. Since then, we’ve come to know the identities of the author of the malware and the botmasters who used it to mount that and other attacks. But, even before the attack against Dyn, they released the malware’s source code in an attempt to muddy the waters. As expected, other malicious actors took it and used it as a base for many malware variants targeting IoT devices. All variants are capable of mounting a wide variety of DDoS attacks (TCP, UDP and GRE flooding, DNS “Water Torture” attacks, etc.), but only the OMG variant retained the capability of performing HTTP GET, POST and HEAD attacks. “Using Mirai as a framework, botnet authors can quickly add in new exploits and functionality, thus dramatically decreasing the development time for botnets,” the researchers noted. “As the explosion of IoT devices does not look to be slowing down, we believe we’ll continue to see increases in IoT botnets. We are likely to see remnants of Mirai live on in these new botnets as well.”

An IoT botnet has been commandeered by white hats after its controllers used a weak username and password combination for its command-and-control server. Ankit Anubhav, of Newsky Security, said researchers with the company were able to take over the MySQL server used to control the Owari botnet, thanks to its creator leaving port 3306 open to the internet and both the username and password set to root. “Mirai botnet was designed to set up a MySQL server for the command and control containing three tables, namely users, history, and whitelist,” explained Anubhav. “While IoT botnets have evolved and many of them have different attack vectors, most of them still retain this tried and tested MySQL server structure, and Owari is no exception to this.” Ironically, Anubhav points out, both Mirai and Owari themselves infect Internet-of-Things devices by brute-force guessing passwords and taking advantage of default credentials in the appliances. Apparently, that weakness extends to the botnet’s command infrastructure as well.

Steam users were vulnerable to a serious exploit for a decade

Steam has millions of active users. That’s a staggeringly large number of people to be left vulnerable to cyber attacks for a decade. And yet, that’s exactly what happened. There had been an exploitable bug, which has since been addressed, in Steam for the past 10 years, and any attacker who took advantage of it would have been able to compromise the computer of any Steam user. This bug was first written about by Tom Court, a security researcher at Contextis. According to Court, an attacker with the right technical know-how could have used the bug to execute code on another person’s machine, and then used that foothold to seize full control of the victim’s computer. Valve first dealt with the bug in July 2017, when it enabled address space layout randomisation (ASLR) in the Steam desktop client, making the bug much more difficult to exploit. Valve then completely patched the vulnerability this past April.

Prowli malware infected 40,000 machines

Researchers have discovered a traffic manipulation and cryptocurrency mining campaign infecting organisations across industries from finance to education and government. The Operation Prowli campaign has been spreading malware and malicious code to servers and websites around the world, and more than 40,000 machines reportedly have been infected. The GuardiCore Labs team found that by using exploits, password brute-forcing and weak configurations, attackers have had widespread success with the Prowli campaign. Targeting a variety of platforms, from CMS servers hosting popular websites to backup servers running HP Data Protector and DSL modems, the multipurpose operation also goes after IoT devices. Relying on digital currencies and traffic redirection, the campaign has already victimised more than 9,000 companies.

Kodi users warned as serious new threat uncovered - but there’s a simple way to avoid it

Kodi is a free media player that is designed to look great on your big-screen TV but is just as at home on a small screen. Kodi users are being warned about a new cyber threat to the TV player, but there is a very easy way to avoid being targeted by malware. With Kodi now in millions of homes, it may not come as a surprise to hear that it’s caught the attention of cyber criminals. Kodi is totally legal, but many of its biggest fans use the popular online player to access premium programming, such as football and movies, without paying for a subscription. With so many people searching for this type of illegal content, it appears this has become an easy way for criminals to install malicious threats on devices that are running the Kodi software. According to a recent report by Cyberscoop, this is a growing problem, with one expert revealing that Kodi-enabled malware is being sold on the dark web.

Visit cyber.qa.com for more information on how they can help solve the Cyber Security skills gap.

Edited and compiled by

James Aguilan

Cyber Security Specialist

James Aguilan currently works as a Cybersecurity Researcher. He has provided upskilling and development to government agencies, national critical infrastructure operators and large corporations through simulated cyber-attack and forensic investigation workshops. In the past, James worked as a Data Consultant, where he advised high-profile clients on how to handle their data in a civil litigation or criminal investigation. Notably, this included the largest merger between two US powerhouse conglomerates, a deal worth $87 billion. Additionally, he has also served as a Cybersecurity Consultant, responding to incidents and performing full forensic investigations. James holds a first-class honours degree in Computer Forensics and is actively working towards a Masters in Network Security and Penetration Testing.
